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Amendments to the Claims 

This listing of claims will replace all prior versions and listings of claims in the application: 
Listing of claims: 

1 . (currently amended) A method for providing cryptographic functions to data packets «4he 
PPP below the network layer of a network stack and transparent to the network laver. the method 
including the steps of: 

intercepting [[PPP]] datagrams ift bound to said network s taok ond outbound of network 
gteete transferred_betweeii the network laver and an o ther laver below the network laver said 
[[PPP]] datagrams hfiji|ijgLff>fia^^ by a header and a footer mmt^<}i y^tk Umf^X between 
the netWQrjdaveLJJid_saidj)t^ and having at least one encapsulated data packet 
e ncap s ulat e d th e r e by ; 

decapsulating said [[PPP]] datagrams bv removing said header and said footer to retrieve 
said at least one encapsulated data packet; 

examining said at least one encapsulated data packet and referencing a security policv to 
determine whether to process said at least one encapsulated data packet according to said 
securitv policv using said cryptographic functions; 

if said at least one encapsulated data packet requires processing, modifying said at least 
one encapsulated data packet to provide said cryptographic functions; and 

reconstructing said datagrams bv re- encapsulating said at least one encapsulated data 
packet with said h eadeyL^nd_said footer for transmission to a next layer of along said network 
stack. 

2. (original) The method of claim 1 wherein said data packet is an IP packet having a header, an 
address and data. 

3. (original) The method of claim 1 wherein said step of modifying said data packet includes the 
further step of selecting an IPSec protocol. 

4. (currently amended) The method of claim 1 wherein the step of examining said at least one 
encapsulated data packet further includes the steps of: 
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checking header information of outbound data packets from said network [[stack]] iaxSE 
to determine if processing applies; and 

checking header information of inbound packets to said network [[stack]] layer to 
determine if said data packets include cryptographic functions. 

5. (currently amended) A system for processing data packets for secure communications between 
correspondents of said system by providing cryptographic functions to data packets at the PPP 
below the network layer of a network stack and transparent to the network laver. said system 
having: 

a packet interceptor [[to]] for intercep ting [[PPP]] datagrams inbound to said network 
stack and outbound of said staok transferred between the networkJayer and an other laver below 
the network layer, said [[PPP]] datagrams being encapsulated by a header and a footer associated 
with transfer between the network laver and said otherJayeiLimdJiaving including at least one 
encapsulated [[IP]] data packe t, said packet interceptor for encapsulated thereby, and to 
dooapaulate decapsulating said [[PPP]] datagrams bv removingLMidiieader and said footer to 
retrieve said at least one encapsulated [[IP]] data packe t and said packet interceptor for 
reconstructing said datagrams bv re-encapsulating said at least one data packet with said header 
and said footer fortransmissioxLalong said network stack : 

a security policy manager including at least one security policv [[for]] storing processing 
rules for said data packets and for selecting at least one of said processing rules for said at least 
one encapsulated [[IP]] data packet according tQ_said_^curity policy ; and 

a processing module for intoroopting and examining said at least one encapsulated [[ff ]] 
data packet decapsulated bv said packet interceptor and if said at leastj^ne^ncaosulated data 
packet requires processin g, modifying said at least one encapsulated [[IP]] data packet by 
selecting and applying said cryptographic functions thereto, said processing module being in 
communication with said security policy manager; 

wherein said [[PPP]] datagrams are intercepted and examined in accordance with said 
processing rules. 

6. (currently amended) The system of claim 5, wherein the packet interceptor is a software 
module located at the [[PPP]] data link layer of the network stack. 
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7. (original) The system of claim 6, wherein said software module is a driver included in a kernel 
of an operating system in computer readable medium of said system. 

8. (previously presented) The system of claim 5, wherein the cryptographic functions are 
implemented using an IPsec protocol by said processing module. 

9. (previously presented) The system of claim 5, wherein said secure communications between 
correspondents of said system are provided via a virtual private network. 

10. (currently amended) A method for providing a cryptographic system for communication 
between correspondents in a conununication network to data packets at th e PPP below the 
network layer of a network stack, said method comprising the steps of: 

providing a security module in a computer readable medium at each of said respondents, 
said security module having: 

a packet interceptor for intercepting [[PPP]] datagrams transferred between the 
network laver and an Qther laver below the network laver. said datagrams being 
encapsulated bv a header and a footer associated with transfer between the network laver 
and said other laver and having at least one encapsulated data packet e ncapsulated 
thereby , [[and]] said packet interceptor for decapsulating said [[PPP]] datagrams fex 
removing said header an d said footer to retrieve said at least one encapsulated data 
packet, and said packet interceptor for reconstructing said datagrams bv re-encapaulating 
said at least one data packet with said header a nd said footer for transmission alone said 
network stack: 

a security policy majiager [[for]] including at least one securitv policy storing 
processing rules for said data packets and fos selecting at least one processing [[rules]] 
£Ui§ for said encapsulated data packet according to said securitv policy ; and 

a processing module for intorccpting and examining said at least one encapsulated 
data packet decapsulated bv said packe t interceptor , and if said at least one encapsulated 
dat# p^ffkgt requires processin g, modifying said at least one encapsulated data packet by 
selecting and applying cryptographic functions thereto, said processing module being in 
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communication with said security policy manager; 

examining said data packets decapsulated by said packet interceptor outbound from said 
coirespondents to determine whether processing by said processing module is required; and 

examining [[inbound]] said data packets decapsulated bv said packet interceptor inbound 
to said correspondents to determine whether processing by said processing module is required by 
checking whether said data packets include cryptographic functions. 

11. (new) A method according to claim 1 wherein said other layer is the data link layer. 

12. (new) A method according to claim 1 1 wherein said datagrams are PPP datagrams. 

13. (new) A method according to claim 1, said at least one encapsulated data packet being an IP 
data packet. 

14. (new) A method according to claim 1 wherein said modifying comprises IPSec tunneling, 

15. (new) A method according to claim 1 wherein said referencing comprises reviewing a 
predetermined set of selectors being one or more of a destination IP address and a transport layer 
port. 
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